On Sat, 2006-04-01 at 18:11 -0800, Antonio Olivares wrote: > > --- Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> wrote: > > > On Sat, 2006-04-01 at 17:56 -0800, Antonio Olivares > > wrote: > > > Dear all, > > > As I had some previous trouble with selinux, > > and > > > have gotten little to no advice, I read through > > the > > > fedora wiki, and fedora selinux-faq and previous > > > knowlege/advice from fedora-list > > > > Can you state what trouble you had specifically? > > > > Rahul > > > > > Ok here we go, I sent these messages to > fedora-selinux-list as shown > > ------------------------------ > > Message: 6 > Date: Sat, 1 Apr 2006 00:51:47 -0800 (PST) > From: Antonio Olivares <olivares14031@xxxxxxxxx> > Subject: nfs avc messages with > kernel-2.6.16-1.2069_FC4 > To: fedora-selinux-list@xxxxxxxxxx > Message-ID: > <20060401085147.91904.qmail@xxxxxxxxxxxxxxxxxxxxxxx> > Content-Type: text/plain; charset="iso-8859-1" > > Dear all, > I decided to install latest FC4 kernel > 2.6.16-1.2069_FC4 or so. Upon booting I can no longer > surf the internet. I get some avc denied messages > from dmesg. How can I fix this issue? > > I do not want to disable selinux. > > TIA, > > Antonio > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam > protection around > http://mail.yahoo.com > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: dmesg-selinux04012006.log > Type: text/x-log > Size: 15583 bytes > Desc: 4111971101-dmesg-selinux04012006.log > Url : > https://www.redhat.com/archives/fedora-selinux-list/attachments/20060401/45456085/dmesg-selinux04012006.bin > > ------------------------------ > > > Message: 1 > Date: Sat, 1 Apr 2006 09:57:40 -0800 (PST) > From: Antonio Olivares <olivares14031@xxxxxxxxx> > Subject: Re: nfs avc messages with > kernel-2.6.16-1.2069_FC4 > To: fedora-selinux-list@xxxxxxxxxx > Message-ID: > <20060401175740.57441.qmail@xxxxxxxxxxxxxxxxxxxxxxx> > Content-Type: text/plain; charset=iso-8859-1 > > > RE: nfs avc messages with kernel-2.6.16-1.2069_FC4 > > Message: 6 > Date: Sat, 1 Apr 2006 00:51:47 -0800 (PST) > From: Antonio Olivares <olivares14031@xxxxxxxxx> > Subject: nfs avc messages with > kernel-2.6.16-1.2069_FC4 > To: fedora-selinux-list@xxxxxxxxxx > Message-ID: > <20060401085147.91904.qmail@xxxxxxxxxxxxxxxxxxxxxxx> > Content-Type: text/plain; charset="iso-8859-1" > > Dear all, > I decided to install latest FC4 kernel > 2.6.16-1.2069_FC4 or so. Upon booting I can no longer > surf the internet. I get some avc denied messages > from dmesg. How can I fix this issue? > > I do not want to disable selinux. > > TIA, > > Antonio > > ====================================================== > > Here are the avc's. Since they were not present in > the previous email to fedora-selinux-list@xxxxxxxxxx > > I do not want to disable selinux to be able to surf > the internet. How can I take care of this? > > I appreciate all comments/help I can get. > > SELinux: initialized (dev binfmt_misc, type > binfmt_misc), uses genfs_contexts > ip_tables: (C) 2000-2006 Netfilter Core Team > Netfilter messages via NETLINK v0.30. > ip_conntrack version 2.4 (3071 buckets, 24568 max) - > 232 bytes per conntrack > audit(1143912938.407:2): avc: denied { sendto } for > pid=1620 comm="rpc.statd" > scontext=system_u:system_r:rpcd_t > tcontext=system_u:object_r:unlabeled_t > tclass=association > audit(1143912938.447:3): avc: denied { sendto } for > pid=1620 comm="rpc.statd" > scontext=system_u:system_r:rpcd_t > tcontext=system_u:object_r:unlabeled_t > tclass=association > audit(1143912938.463:4): avc: denied { sendto } for > pid=1620 comm="rpc.statd" > scontext=system_u:system_r:rpcd_t > tcontext=system_u:object_r:unlabeled_t > tclass=association > > > Also on another machine > I installed kernel-2.6.16.1 to an FC3 machine with > selinux disabled and I tried to reenable it since this > kernel comes with selinux in its options and i > compiled it in. Yet when I rebooted it gave me a > kernel panic that no policy was in place. How should > I define such a policy? Is there a tarball somewhere > that I can get, or suggestions since FC3 is in legacy > already? > > Regards, > > Antonio > > -------------------------------------------------- > > I have just set Selinux to permissive mode and I have > just submitted those new avc's. I just need a little > bit of help cause I just do not want to give up on > SELinux. I want to set it back to enforce but I need > to take care of those issues and learn how to tackle > them. > > Thanks for helping, ---- maybe I'm dense but the only thing I saw was the same avc denied several times for rpc.statd which relates to nfs but has nothing to do with web browsing/internet. are you saying that web browsing is working in permissive mode and not working in targeted/enforcing mode? Craig -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
